Cybernetic (in)security: situation in the Baltic States

The idea of Information-an open, educated and learning- Society has become one of the goals of the countries around the world and international organizations. The EU and its member state Lithuania are not an exception. All EU Member States have their National Information Society Development Programmes, and at the EU level it is regulated by the Lisbon Strategy and the eEurope Action Plan.

In Lithuania, the National Information Society Development Concept, serving as the basis for the development of the Lithuanian Information Society Development Strategy Plan, was approved by the Government in 2001, and in 2005 the Lithuanian Information Society Development Strategy was prepared. It is stated in these documents that one of the key instruments for achieving its objective is information technologies and the increasing numbers of users. However, moving many everyday issues into the virtual space requires more security, as failure to ensure it leads to the increasing potential harm.

On 29 June 2011 the Government adopted the National 2011-2019 Electronic Information Security – Cyber ​​Security – Development Program. In this respect we are behind Estonia, which adopted a similar strategy in 2008 already, in a year after Estonia suffered a cyber attack against the websites of state institutions, business structures and political parties, some banks and online services companies. Legal regulation of cyber security in Latvia is less developed – it is regulated by the Law on Protection of Information Technologies passed in 2011, however, there is no separate programme for addressing this issue.

As it is known, NATO established a new Centre of Excellence on Cyber defence inEstonia. It is an important step indicating that cyber defence of the states has moved beyond the national borders: demonstration of understanding that in pursuing to protect themselves against the growing cyber-crime and politically motivated cyber-attacks it is necessary to cooperate and exchange information.

Timely sharing of information between the states and institutions would be helpful in fighting against cyber-incidents, though it is not easy: it is necessary to standardize security tools, create centres capable of accumulating and processing information of different countries and institutions, etc. Currently, crime in cyberspace in terms of financial flows is greater than the drug business, the frequency of cyber attacks, their complexity and damage is constantly increasing. This is perfectly illustrated by a computer ‘worm’ “Conficker” against Microsoft Windows, observed in 2008; operation “Aurora” (an attack against Google in 2009 from China), ‘worm’ “Stuxnet”, that attacked the uranium enrichment facilities in Iran, etc.

How is Lithuania presented in the cyber security context? Unfortunately, not shining. Though the 2011-2019 Electronic Information Security Development Programme is adopted, the implementation of it lacks funding because of economic difficulties. It is difficult to determine the real situation in the country, and before the general verification of information systems of the authorities, it is difficult to analyse threats and discuss the coping capacities. The nearest mentioned date for the verification is the year of 2013, however, it is not certain.

But this is not the only problem of Lithuania: there is no system for electronic information security management coordination, insufficient public and private sector cooperation, undeveloped appropriate regulation in this area, etc. We can only find comfort in that virtual threat in Lithuania is taken seriously. The Lithuanian Cyber Security Programme scheduled to allocate 10% of means in 2015 for the implementation of safety measures on information systems, and 19% in 2019 for the development and maintenance of information systems.

Money-raising trend coincides with the upward trend in incidents. According to CERT-LT data, 21,8 thousand reports on incidents in cyberspace were investigated in Lithuania in 2011, almost twice as much as in 2010. Relevance of Cyber​​ security is increasing inLithuania also due to the launch of strategic projects aimed at determining the life of the state for several decades.

It is no secret that Lithuania’s efforts to secure energy independence are not welcomed byRussia. Would Russia dare to take cyber attacks against Lithuania? Recalling that in 2008, during cyber attacks in Lithuania, online hackers of “undetermined origin” have “decorated” a few dozen of Lithuanian web sites with Soviet hammers and sickles, the answer offers itself. Cyber forces organized in Russia are among the most powerful in the world (according to the data of the deftools.com website, it consists of about 7.3 thousand experts, the annual budget of which reaches USD127 million)… It would be naive to believe that such resources are allocated only for the national cyber defence of the country.